XP Security Guide - JohnEriksen.net Blog

http://www.ebook-browser.com
XP* Security Secrets
[EXPOSED]
*Microsoft Windows XP Professional
A Microsoft Security Professional’s Guide
To Protecting Your
Data from Malicious Hacker Attacks!
 2008 John M. Eriksen
Read more unique ebooks at
www.eBook-Browser.com
XP Security Secrets Exposed
A Microsoft Security Professional’s Guide
To Protecting Your
Data from Malicious Hacker Attacks!
Published by:
www.eBook-Browser.com
[email protected]
Copyright © 2008 by John M. Eriksen, MCP
ISBN 978-0-9817187-1-2
All rights reserved. No part of the contents of this ebook
may be reproduced or transmitted in any form or by any
means without the written permission of the publisher.
Microsoft and Windows are registered trademarks of Microsoft Corporation.
Special thanks to Rocky my office assistant for his faithful
support and encouragement throughout the writing of XP Security Secrets Exposed.
Table of Contents
Chapter 1: Concepts & Resources
Introduction
Security Alert!
How Hackers Exploit Your System
Security Check: Where do you stand?
Concept: Built-in Administrator is King
Concept: Groups Give Power
Concept: Full Control is Powerful
Concept: Full Control + Ownership is All Powerful
Concept: Rights Control the Operating System
Concept: Permissions control Folder and File Access
Concept: Group Policy Controls Users and Computer
XPs Security Center
Built-in tools: Controlling Your System
XP Security Links
Security Tools
Tell Me Again, What Can Happen in the Internet Jungle?
• RATS, Virus, Worms, Spyware/Adware, Trojans, Bots, & Rootkits.
Worst Case Scenario
Chapter 2: Take Action!
Do you have Service Pack 2?
Windows Updates
Are you running the NTFS File System?
Using NTFS security v. Share permissions
Stop Sharing Folders
Are your files extended?
Is Windows Firewall Turned On?
Wireless Networking Fundamentals
Did You Create Your ASR Disk?
Are You Getting Routine Windows Updates?
Do You Use Data Encryption?
Do You Have Windows Defender?
DEP – What is it? How it helps
Microsoft Security Assessment Tool
Microsoft Baseline Security Analyzer
Microsoft Office Update
Microsoft Port Reporter
Windows Live OneCare
Downloading Files
E-mail Preview
E-mail HTML View
Windows Welcome Logon
Creating a Safe User Account with Local User Manager
Before Using Your New Account
Some Programs Won’t Launch
Configuring Your Email Accounts
Chapter 3: Options
Auditing Windows XP – Who goes there?
Auditing Files and Folders
Group Policy Templates
Disaster Recovery Options
Malicious Software Removal Tool
Removing All Temp Files
10 Free Tools
Best Practices
References
Chapter 1: Concepts & Resources
Introduction
The threat is real. Malicious software infects 29,000 web pages each
day; from Microsoft to the Miami Dolphins, no web site is immune. This
“malware” threatens to destroy your business data and personal files
without warning at any time. However, we don’t have to be helpless victims.
We can take action to start safeguarding our property. Today you are taking
that action! You will receive the same security procedures and checklists
used by federal agencies and top United States defense contractors to
safeguard national secrets. Review this entire guide before deciding what is
best for you. You don’t need advanced knowledge of the XP operating
system* to take advantage of this information. The text is straightforward
and each task is explained step-by-step.
A note of explanation: You will soon launch a number of programs that
may be unfamiliar to you. In order to start them quickly, please use the
“Run” box by clicking Start, then Run. Then type in the command you will be
given. For example, running secpol.msc will launch the Security Policy
console known as Secpol. Almost all of these require Administrator
privilege to run.
*This guide applies to Microsoft Windows XP Professional edition (not
Home Edition). However, the concepts and security tools discussed are also
valid in both Windows 2000 Professional and Vista (all Vista OS except
Home and Home Premium) operating systems. If you have Home edition,
you should upgrade to the Professional version to take advantage of XP’s or
Vista’s security tools.
Security Alert!
Priority #1: Acquire these three safeguards now before Internet access.
• use a router (Linksys is the most well-known)
• install antivirus software (Norton or McAfee are most common)
• install firewall software (ZoneAlarm or Comodo have free versions).
These steps will significantly reduce your online vulnerability. So where do
you find these? Start with the hyperlinks below.
• Linksys
• Norton Symantec
• ZoneAlarm
Routers
• Find out if they have NAT (network address translation) functionality…must have.
• Don’t get or use wireless routers until you understand how to secure them. More on this
later. Your wireless router should have RJ-45 ports for wired connections.
• Don’t experiment, get a standard brand. Linksys is a division of Cisco, a world leader.
Anti Virus
• Don’t experiment. Use a standard brand. The U.S. Government has used Norton and
McAfee successfully.
• You must download current virus definitions regularly, or set the software to do these
updates. You must use the “auto-protect” feature to warn of real time threats.
Firewalls
• ZoneAlarm, Comodo, or Tiny Personal Firewall offer free versions. Check these out.
ZoneAlarm has a product with Anti-Spyware bundled with a firewall for $19.95 and a full version
firewall suite for $49.95.
Question
What is the best data protection technique invented?
• NTFS file system
• Cisco firewall
• 128 bit encryption
• Backup to USB drive
Security is built in layers of protection and between those layers there will
always be potential for data loss, corruption or attack. Making backup
copies of your data to store on external media is your best protection. Test
your backup! Statistics have shown that a large percentage of backups fail
when needed.
How Hackers Exploit Your System
Successful attacks occur due to vulnerabilities in your system, for
example bugs in Microsoft products, or intruder access of your system while
online with administrative privileges (we’ll discuss admin privileges later).
But these and many other weaknesses could not be so easily exploited if
your system was shielded from the outsiders in the first place. This is why
we addressed the security basics in Priority #1 above.
Security Check: Where do you stand?
All points below will be discussed later, but for now let’s see where
you stand. Keep the four points below in mind as you read the remaining
pages. You must have the latest and best configuration of your XP
operating system to optimize your online security. You must have:
• Professional version
You should have Windows XP Professional Edition, or
Windows XP Media Center Edition
• Service Pack 2 (SP2)
Run winver to see your Windows edition, version, and SP level…
If you see SP1, you need to visit Microsoft’s Update site at
http://www.update.microsoft.com/microsoftupdate/v6/muoptdefault.aspx?returnurl=http://www.update.microsoft.com/microsoftupdate&ln=en-us
Note: As of May 2008 Microsoft has released Service Pack 3. Since some users have
had bad experiences with SP3, it would be better at this point to just continue to use
Windows Update and you will eventually receive SP3 via the updates.
You can see a more exact description of your version number by running
msinfo32.exe. Look at the line: Hardware Abstraction Layer Version =
"5.1.2600.xxxx". The xxxx part is the service pack build number. If you
have numbers such as 5.1.2600.2765 or 5.1.2600.2180, then you have a
version of service pack 2, first released Aug 2004.
If you have 5.1.2600.5512, then you have the new Service Pack “3.”
• Sept 2002 – SP1 released
• Feb 2003 – SP1a released
• Aug 2004 – SP2 released
• May 2008 – SP3 released
• NTFS
Run diskmgmt.msc to see if your disk(s) are running NTFS. (The
Windows directory should have NTFS. This is usually C:\windows, but may
be another drive letter.) If not NTFS, see the Convert command in Chapter
Two. (P.S. don’t run NTFS if you dual boot.)
• Current Logon Group Membership
You should know if your current user account has administrative
privileges, that is, are you an administrator? Find out by right-clicking the
Start button…if you see Open All Users, you are an administrator.
Alternatively, you can launch the Command prompt ( Start | Run cmd). In
the command prompt window, type:
net localgroup administrators
If your current username appears here, then you
are an administrator.
Other related commands are:
hostname – shows the “system name,” also known as hostname or “computer name”
net users – shows all users
net localgroup – shows all groups
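The two checks above (service pack level from the msinfo32 HAL line, and whether your account is in the local Administrators group) as an added Python example that is not part of the guide. It parses constructed samples of the msinfo32 line and of net localgroup administrators output; the build thresholds come from the guide's numbers (2180/2765 for SP2, 5512 for SP3), and treating every build from 2180 up to 5511 as SP2 is my assumption.

```python
import re

# Constructed sample of the msinfo32 line the guide tells you to look at
# (not captured from any real machine).
MSINFO_LINE = 'Hardware Abstraction Layer Version = "5.1.2600.5512"'

# Constructed sample of what "net localgroup administrators" prints on XP.
NET_LOCALGROUP_OUTPUT = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
john
The command completed successfully.
"""


def service_pack_from_hal(line):
    """Return 'SP3', 'SP2', 'pre-SP2', or None from the msinfo32 HAL version line.

    Guide values: 5.1.2600.2180 and .2765 are SP2 builds, 5.1.2600.5512 is SP3.
    Assumption (mine): any build from 2180 up to 5511 counts as SP2, anything
    lower is SP1/SP1a/RTM and needs Windows Update.
    """
    m = re.search(r'"5\.1\.2600\.(\d+)"', line)
    if not m:
        return None  # not XP, or the HAL line was not found
    build = int(m.group(1))
    if build >= 5512:
        return "SP3"
    if build >= 2180:
        return "SP2"
    return "pre-SP2"


def local_admins(output):
    """Parse the member names out of 'net localgroup administrators' output.

    Members are the non-empty lines between the dashed separator and the
    'The command completed successfully.' trailer.
    """
    members = []
    in_members = False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("----"):
            in_members = True
            continue
        if line.startswith("The command completed"):
            break
        if in_members and line:
            members.append(line)
    return members


def is_admin(username, output):
    """Windows account names are case-insensitive, so compare lower-cased."""
    return username.lower() in (m.lower() for m in local_admins(output))


def security_check(username, hal_line, net_output):
    """The guide's 'where do you stand' items as a dict of findings."""
    sp = service_pack_from_hal(hal_line)
    return {
        "service_pack": sp,
        "needs_windows_update": sp in (None, "pre-SP2"),
        "is_admin": is_admin(username, net_output),  # True means: do not browse with this account
    }


if __name__ == "__main__":
    for key, value in security_check("john", MSINFO_LINE, NET_LOCALGROUP_OUTPUT).items():
        print(f"{key}: {value}")
```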
Concept: Built-in Administrator is King
Windows XP computers arrive with built-in User accounts, such as Guest
and Administrator. The Administrator account is the original account with
total control of your system. This is important to realize because if you did
not create another account for yourself when you set up your system, you
are now using the Administrator account as your personal account.
Warning: This is a huge vulnerability when connecting to the Internet. We
will learn how to deal with this later by creating a regular user account.
Concept: Groups Give Power
Just as there are pre-loaded built-in users, there are built-in groups. Some
of the useful ones are Administrators Group, Users Group, Power Users
Group, Network Configuration Operators Group. All Users are members of
one or more Groups by which they can obtain rights and permissions.
By default you will be logged on as the built-in Administrator, a member of
the Administrators Group. (All users in the Administrators Group have the
same privilege as the built-in Administrator.) If a hacker or malicious
software succeeds in accessing your system, they or it will have the same
rights and privileges as your current account. If you are online with
“administrative rights” (many are), malware will also have those rights and
therefore will be able to do whatever it so desires to your system. Lesson:
Create an alternate account without administrative rights to use while
online. We accomplish this in the last section of Chapter Two.
Concept: Full Control is Powerful
Your Windows computer should have the “NTFS” file system if you access
the Internet or any network. (You will learn to use NTFS in Chapter 2.) NTFS
allows you to control who (what users or groups) can access your files with
settings called “permissions.” Full Control permission means ability to
create, modify, or delete a file. The built-in Administrator is granted by
default Full Control of all important operating system files. Lesson: A hacker
who is able to access your system as Administrator can control your
system.
Concept: Full Control + Ownership is All Powerful
Even though you may have Full Control, you may not necessarily be able to
delete or control files that you did not create, or if they are not located in
your personal user folder (Profile). If you have Full Control and still can’t
perform some operation, it is likely you are not the Owner of the file. If and
only if you are the Administrator (or in the Administrators Group) you can
Take Ownership, and thereby control the file. Lesson: A hacker who is able
to gain access to your machine as an Administrator can take ownership of
your personal files plus take over your system.
Concept: Rights Control the Operating System
Microsoft refers to “rights” as the ability you have to control operating
system functions, such as changing the system time, or the ability to Take
Ownership of files you did not create. Some ‘rights’ are shown here. By
default the built-in Admin has full rights to the operating system; however,
a user’s rights can be augmented or diminished by any Administrator via the
Security Policy tool (secpol.msc). Lesson: A successful hacker may control
your system rights.
Concept: Permissions control Folder and File Access
Permissions are sometimes confused with “rights.” Yes, “permissions” give
you rights to take certain actions such as opening a file, but “permissions”
only give power to control folders and files, not operating system
functions. Lesson: Use permissions to control who will access your
sensitive files and how, and who will not. (More on permissions in
Chapter 2.)
Concept: Group Policy Controls Users and Computer
The most powerful security tool in Windows XP is the Group Policy Editor
(gpedit.msc). You must be familiar with this tool before using it.
All the important settings are located in Computer Configuration | Windows
Settings | Security Settings. (Secpol.msc is a smaller version of the
gpedit.msc tool.)
You may find gpedit.msc unnecessary as there are already several tools that
do a good job of securing your system. See XP Tools below. But if you do
use it to make changes to some settings, make a note of it—you can always
reverse the change. Or you can disable all Group Policy by right clicking on
the Local Computer Policy icon and choosing to Disable.
P.S. Using secpol.msc, also known as “Local Security Policy” (located in Control Panel |
Administrative Tools) gives you access to security settings without the extras shown in
Group Policy Editor (gpedit.msc). Security Templates are another way to set security
policy which you will learn about in Chapter Three.
XP’s Security Center
XP features a Security Center to check your basic security settings. Click
Start | Settings | Control Panel | Security Center. Check this out and verify
that all are TURNED ON. Use the built-in XP firewall, OR install a
third-party firewall and use it without XP’s.
Built-in tools: Controlling Your System
XP’s security tools are known as “consoles” — all have the extension .msc.
Many of these can be used to tighten security on your system. You may
have seen some of these tools in the Control Panel | Administrative
Tools window. To see them all, use your Find utility to search for *.msc .
Most are listed on the next page.
XP Security Links
Windows Update – run wupdmgr.exe or go to http://windowsupdate.microsoft.com/
Windows Defender – Download Page
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Windows Malicious Software Removal Tool - Download Page
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
Microsoft Security Tools Page
http://www.microsoft.com/downloads/browse.aspx?displaylang=en&productID=48B4FDF4-6D3A-4245-B798-C6FE2FD31153
Microsoft Security Page
www.microsoft.com/protect
SANS.org
http://www.sans.org/free_resources.php
The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and
education organization. Its programs now reach more than 165,000 security professionals around the world.
XP Security Tools
(must be Admin to run)
All tools can be launched from the Run command (Start | Run)
Local User Manager (lusrmgr.msc). Create, disable, or delete user accounts. Add to or
remove users from groups. (Groups determine rights.)
Local User Manager, XP style (nusrmgr.cpl). Another tool with the same functionality as
above, but with the new XP interface and colors.
Event Viewer (eventvwr.msc). View 3 types of logs: #1. Auditing (security) events, #2. System
events, #3. Application events.
Group Policy Editor (gpedit.msc). Allows you to set password policies, create audit logs,
assign user rights, apply special file permissions, and much more.
Security Policies (secpol.msc). Enables setting various security settings, user rights, and
auditing of activity. Similar to the Group Policy Editor above.
File Share Management (fsmgmt.msc). Control the shared folders on your computer.
Computer Management (compmgmt.msc). A multipurpose utility that gathers many of the tools
shown here into one interface.
Disk Management (diskmgmt.msc). See all your disks at once and view their attributes. Use it
to view disk space, type of file system (NTFS or FAT32), and more.
System Configuration Utility (msconfig.exe). As with all tools here, you must be an
administrator to run it. Normally used by a technician for troubleshooting. Start or stop
programs from running automatically at startup, plus other features. Do not alter Boot.ini,
except to enable SOS if desired.
System Information (msinfo32.exe). Lots of information about hardware and software here.
Usually located in C:\Program Files\Common Files\Microsoft Shared\MSInfo
Registry Editor (regedit.exe). Edits the registry, the master database that controls the
operating system. Never use it unless you are an expert, then at your own risk.
Registry Editor (regedt32.exe). Same as above, but you can set permissions on certain keys if
desired. You should never need to use this normally. This version can be run in
“read only” mode.
Some of these tools are found in the Administrative Tools folder in the Control Panel. To
find a more complete list copy and paste the following into your Find utility.
lusrmgr.msc, compmgmt.msc, gpedit.msc, regedit.exe, regedt32.exe, secpol.msc,
nusrmgr.cpl, eventvwr.exe, eventvwr.msc, boot.ini, msconfig.exe
Caution: do not run the regedit or regedt32 utilities without knowing exactly what you are doing, the reason
and the consequences. Many of the same changes can be made safely in the system’s Control Panel.
Tell Me Again, What Can Happen in the Internet Jungle?
You will eventually encounter RATS, Virus, Worms, Spyware, Adware,
Trojans, Bots, & Rootkits. How will you defend yourself?
RATs
Remote Access Trojans (RATs) — malicious software that hackers use to
control your computer via the Internet. How to protect yourself? Don’t put
your email address on the big Internet sites. Follow all the advice in this
guide (see Email Preview and Email HTML sections below).
• Read more from Microsoft
http://www.microsoft.com/protect/computer/viruses/rats.mspx
VIRUS
Typically transferred via email attachments. A virus is a small program
infecting your applications. The primary focus of a virus is to reproduce. It
requires a host application to do this. So, viruses cannot replicate on their
own. The virus may cause havoc by deleting system files or displaying odd
graphics. So don’t open unknown attachments. Unless known, don’t visit
web sites soliciting you. Install antivirus. Update virus definitions weekly.
Scan unknown files before opening (for example, point to the program file,
right-click, choose scan now).
WORMS
Worms are somewhat different from viruses in that they are self-contained
programs. A worm can recreate itself by using e-mail and disk drives. A
worm can delete and replace files. The worm can act like a virus by using
an e-mail client, like MS Outlook.
ADWARE & SPYWARE
Adware is sometimes an “add-on” which gets installed secretly on your
computer when you are installing or downloading software. Antivirus
vendors are starting to add adware and spyware functionality into their
products so pay a little more and get adware/spyware bundled with your
antivirus. None of these are perfect. Windows Defender is free from
Microsoft and can offer protection from spyware and some RATs.
• Read more
http://www.spywareguide.com/txt_intro.php
Spyware can be more dangerous than adware. PCWorld found Webroot
Software's Spy Sweeper 5.0 and Spyware Doctor 3.8 the best software
for this problem. They mention a FREE product, Ad-Aware SE Personal
1.06, but with no real-time protection.
Spyware Doctor was overall best. They did not recommend Spybot.
TROJANS
Programs in disguise. For example, a Trojan horse can be named
Notepad.exe and have the identical icon as Notepad. However, when a
user executes Notepad.exe, the program may alter your data or system
files. Solution: Follow all the advice in this guide! On larger networks, an
Intrusion Detection System (IDS) can be configured to look for certain files
and detect when they increase in size, indicating a Trojan horse.
BOTS
Bots are malicious software that can secretly control computers making
them participate in networks known as “Botnets.” These networks can
harness massive computing power and Internet bandwidth to relay spam,
attack web servers, infect more computers, and perform other illicit
activities.
ROOTKITS
Potentially dangerous hidden software programs installed in your system
and controlled remotely. Wow, this is bad stuff. Until recently, this was
totally stealth programming. Anyone could have this without knowing it.
There are some recent products that offer some protection however. See the Free Tools
section in Chapter 3 and look for Rootkit Detection.
For Windows, there are many free detection tools such as Sophos Anti-Rootkit, F-Secure
Blacklight, Hypersight Rootkit Detector or Radix Anti-Rootkit. Another Windows detector is
RootkitRevealer from Microsoft (formerly Sysinternals), which detects current rootkits by
comparing the results from the OS to the actual listing read from the disk itself
(cross-checking). However, some rootkits started to add RootkitRevealer to a list of files
they do not hide from, so in essence they remove the differences between the two listings
and the detector doesn’t report them (most notably the commercial rootkit Hacker Defender
Antidetection).
GOOGLE
Why is Google tracking you and archiving the data? The theme of this guide
is “don’t give your information away,” so research other search engines
also, e.g. Scroogle. Since 2000, Google has been recording search terms,
the date-time of each search, globally-unique cookie ID, & your IP address.
All information is available to governments on request.
Worst Case Scenario
Your operating system may be so corrupted that you are left with no
choice but to reformat the hard drive. Bad news, but there are some
benefits. It will force you to backup all your data. You will end up with a
clean hard drive without malware. Here are the assumptions:
1. Your data is not infected with a virus, or existing viruses can be
cleaned by the anti-virus software.
2. You are able to BACKUP your data to an external drive.
3. You have a vendor’s reinstallation CD, or “Recovery CD,” of Windows
XP, and you have the Product Key (ID number) for it.
4. You have all your existing software on external media ready to
reinstall and have any necessary Product Keys (ID numbers).
5. You familiarize yourself with your computer’s BIOS interface and know
the password if necessary. Not likely, but you may need to change the
boot order for launching the recovery CD.
6. Your CDROM is working properly.
7. You have at least a day’s time to complete all tasks.
But wait—Windows XP includes a “Restore” feature and you should try
this first. Go to Chapter Three under Disaster Recovery for more options.
Chapter 2: Take Action!
Do you have Service Pack 2?
SP2 is ‘Service Pack 2.’ It is a major security update to Windows XP and
you’ll need it if you are only at SP1 because Microsoft offers Updates only
to those with SP2. To find out your service pack level, click Start, then Run,
type in winver. See below for downloading SP2.
Windows Updates
Closely related to service packs are Windows Updates. Microsoft says this
about Service Pack 2 and Windows Updates.
1. Visit the following Microsoft Web site: http://windowsupdate.microsoft.com
2. Click Express Install (Recommended).
3. If your computer qualifies, Windows XP SP2 will be one of the updates
automatically selected. Click Install.
4. Review and accept the End User License Agreement (EULA).
Windows XP SP2 will be downloaded to your computer, and the Windows XP
Service Pack 2 Setup Wizard will help you install it. Downloads could take 1
hour, more or less.
Also try:
http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
You need to be logged on as an Administrator to check for and receive
the updates. But as we learned above, always avoid using the Internet as
an Administrator. Instead, you should click Start, then point to Windows
Update and right-click it. Choose Run As, then log on as your Admin account
to connect to the site.
To ensure you will receive routine Windows security updates, go to Start
| Settings | Control Panel and click Automatic Updates
Are you running the NTFS File System?
One of the most powerful security features of XP is the NTFS file system.
But even though your hard disk should already be set to use NTFS, you
may not be running NTFS! To find out what file system you are running,
click Start, then select Run. Type in
diskmgmt.msc
The Disk Management tool will allow you to see all
your disks at once and see the File System, Free
Space, etc. Take notice: Having the NTFS file
system will not be very useful if Security tabs are not
displayed on the Properties boxes for files and
folders. If you know you have NTFS but no Security
tab, right-click Start | Explore | Tools | Folder Options
| View | Scroll down and uncheck “Use Simple File
Sharing.”
Now if you find you do not have NTFS (you have FAT32), you may want
to backup your data before converting to NTFS. However the Convert
function has no effect on data. To convert your FAT32 file system to NTFS
use the convert command. Here’s how:
Click Start, then Run. Type in
cmd
then hit OK.
At the command prompt, type: CONVERT c: /FS:NTFS
Replace the drive letter c: (representing your
system drive) with the appropriate letter if
yours is different. The convert process may
indicate that it will only convert after you
restart your computer, so restart if necessary.
If you already have NTFS, you will get the window shown here.
Note: Some older programs may not run on an NTFS volume, so you should research the
current requirements for your software before converting. Note: If you have multiple operating
systems on your computer you should not use NTFS; you should remain with FAT32 to ensure all
partitions are fully accessible.
Using NTFS security v. Share permissions
Don’t confuse NTFS security (Using the Security tab on a file’s
Properties sheet) with Share Permissions. Shares are convenient for
making files visible over a network and they provide very basic permissions.
Launch the fsmgmt.msc utility to create shares. Use NTFS permissions to
secure your files. (Reminder: To use NTFS permissions, right-click on any folder or
file, select Properties, then click the Security tab and choose your settings.)
Stop Sharing Folders
Be aware of what folders you are sharing. To see these, click Start, then
click Run. Type in
fsmgmt.msc
then click OK. In the left pane, click Shares. All shares should appear. As a
general rule, don’t share folders. If you don’t need to share, then right-click
on the share and select Stop Sharing.
Alternatively, you can see all shares by entering your computer name in
the Run box preceded with double backslashes, e.g.
\\ComputerName . (You can find your Computer Name (also known as
system name, or hostname) by running
msinfo32
in the Run box. Look on the right for System Name.)
(P.S. msinfo32 will take a few seconds to load.)
Are your files extended?
Scenario: You open a file named Favorite.jpg---obviously an innocent jpg
photo, no security problem. But then--a small program executes. Why? The
file’s full name is Favorite.jpg.exe. Strange name for a file, and this one
happens to be a virus! You didn’t see the exe because your “file extension”
view was set to HIDE extensions! To verify you are seeing complete file
names: Right-click Start | Select Explore | Click the Tools menu | Folder
Options | View, | UNCHECK “Hide extensions to known file types”
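To make the Favorite.jpg.exe scenario concrete, here is an added Python example that is not from the guide. It shows what Explorer displays for a name when extensions are hidden (only the last extension disappears, so Favorite.jpg.exe is shown as Favorite.jpg) and flags names whose real extension runs as a program while the visible one looks like a document or picture; the extension sets and the sample file names are my own constructions.

```python
# Added example; the extension sets are assumptions, not taken from the guide.
# Extensions Windows launches as code when double-clicked.
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js", "hta"}
# Extensions a user reads as a harmless document or picture.
DATA_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf", "mp3"}
# .pif and .lnk are hidden even when "Hide extensions" is unchecked
# (their registered type carries NeverShowExt).
ALWAYS_HIDDEN = {"pif", "lnk"}


def explorer_display_name(filename, hide_known=True):
    """Name Explorer shows for `filename` with the given Folder Options setting.

    Only the final extension is hidden, so 'Favorite.jpg.exe' shows as
    'Favorite.jpg' and plain 'Favorite.jpg' shows as 'Favorite'.
    """
    if "." not in filename:
        return filename
    stem, ext = filename.rsplit(".", 1)
    ext = ext.lower()
    if ext in ALWAYS_HIDDEN:
        return stem
    if hide_known and ext in EXECUTABLE_EXTS | DATA_EXTS:
        return stem
    return filename


def is_deceptive_name(filename):
    """True when the file really runs as a program but the name the user sees
    (with extensions hidden) ends in a data extension."""
    parts = filename.lower().split(".")
    if len(parts) < 3:  # need at least name.data.exe
        return False
    real_ext, apparent_ext = parts[-1], parts[-2]
    return real_ext in EXECUTABLE_EXTS and apparent_ext in DATA_EXTS


def scan_names(names):
    """Return (displayed name, real name) for every flagged file in `names`."""
    return [(explorer_display_name(n), n) for n in names if is_deceptive_name(n)]


# Constructed sample directory listing, including the guide's Favorite.jpg.exe.
SAMPLE_NAMES = ["Favorite.jpg.exe", "Favorite.jpg", "report.pdf.scr",
                "setup.exe", "notes.txt.bak"]

if __name__ == "__main__":
    for shown, real in scan_names(SAMPLE_NAMES):
        print(f"Explorer shows {shown!r} but the file is really {real!r}")
```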
Is Windows Firewall Turned On?
XP has a built-in firewall that should be turned on if you do not already have
a firewall running. You can check your firewall status by going to Start |
Settings | Control Panel | Windows Firewall.
Wireless Networking Fundamentals
There are many possible wireless configurations of hardware and software.
Let’s look at the most common and hopefully you can draw from this
knowledge and apply it to your circumstances. As our example, let’s look at
the Linksys BEFW11S4 Wireless Access Point (also known as a wireless
router). You must at a minimum configure the router’s Setup page by
running http://192.168.1.1. (Do this with a “wired” network connection to the router!)
• Reset the admin password (default user name is blank, password is admin)
• Reset the default SSID
• Disable SSID broadcast
• Change the default channel
• Enable WEP with 128 bit key
• Change authentication type to shared key
This can all be explained in detail in your owner’s manual or at your
manufacturer’s web site. For example the Linksys wireless security is
explained at:
http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=4024&p_sid=UcVbWIYi&p_lva=3967#
Linksys also has a Network Security page at
http://www.linksys.com/servlet/Satellite?c=L_Content_C1&childpagename=US%2FLayout&cid=1169671217533&packedargs=site%3DUS&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=1753391212B05
Did You Create Your ASR disk?
Use the Automated System Recovery (ASR) disk to recover from system disasters.
(Skip this one if you don’t have a floppy disk drive.) To do this run ntbackup
(or Start | Programs | Accessories | System Tools | Backup).
In the Welcome to the Backup/Restore Wizard window, click Advanced
Mode. Click Automated System Recovery Wizard.
Do You Use Data Encryption?
You should take advantage of XP’s encryption feature for any sensitive files.
File Properties, then Advanced, then Encrypt contents…
There is one caveat. If you ever need to access your encrypted files from another
account, you will receive Access Denied. Say your account is corrupted and you logon
to the Administrator account to copy all your data. You will be unable to open or copy
any encrypted files. Solution: backup all encrypted files to a FAT32 USB drive and they
will always be available.
Do You Have Windows Defender?
Defender comes with Windows Vista. If you use Windows XP SP2, you can
download Defender FREE. This software scans for spyware.
http://www.microsoft.com/athome/security/spyware/software/default.mspx
DEP – What is it? How it Helps
Data Execution Prevention (DEP) can stop damage from viruses which
attack by executing code from within sections of memory that only Windows
and other programs normally use. Without DEP, malware could spread and
harm other programs, files, and even your e-mail contacts.
You need to open System Properties by clicking Start, point to Settings,
click Control Panel, and then double-click System.
Click the Advanced tab and, under Performance, click Settings.
Click the Data Execution Prevention tab.
By default, DEP is only turned on for essential Windows operating system
programs and services. To help protect more programs with DEP, select
Turn on DEP for all programs and services except those I select.
Microsoft Security Assessment Tool
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Download the Microsoft Security Assessment Tool and install it on your computer to
obtain information and recommendations about best practices to help enhance security
within your information technology infrastructure.
Microsoft Baseline Security Analyzer (MBSA)
MBSA scans for missing security updates and common
security misconfigurations. It offers an improved user
experience, expanding product support, and can be used
in conjunction with Microsoft Update and Windows Server
Update Services.
After downloading, disconnect from the Internet. Logon as
an Administrator and disable your firewall, then install the
downloaded program. Logoff then relog to your non-admin
account. You can now use the Run as feature to run
MBSA. Locate the program icon (mbsa.exe) in C:\Program
Files\Microsoft Baseline Security Analyzer 2, right-click and
choose Run as….
Perform a simple scan with the first 4 boxes checked.
http://www.microsoft.com/downloads/details.aspx?FamilyID=F32921AF-9DBE-4DCE-889E-ECF997EB18E9&displaylang=en#filelist
Microsoft Office Update http://office.microsoft.com/downloads
Microsoft Office Update scans and updates Microsoft Office products
Download Office SP3 if applicable
http://www.microsoft.com/downloads/details.aspx?FamilyId=85AF7BFD-6F694289-8BD1-EB966BCDFB5E&displaylang=en#filelist
Port Reporter http://support.microsoft.com/?id=837243
The Port Reporter tool runs as a service on computers running Windows Server 2003,
Windows XP, or Windows 2000 and logs TCP and UDP port activity.
Windows Live OneCare
Finally, Microsoft has introduced an all-purpose security tool that integrates
anti-virus, firewall, backup and restore utility, and a tune-up utility along with
the functionality of Windows Defender for malware protection. The
downside is that it is available only as a paid subscription download. There are
some nice features, but the product was rated in February 2008 by AV-Comparatives.org as second last in its testing of seventeen anti-virus
products. You be the judge…see the free trial offer at
https://connect.microsoft.com/onecare
Downloading Files
Think before you download any file. Do you know and trust the source? Do
you really need the file now, or can you wait and do some research before
downloading? When you receive a prompt to Save or Open, always Save,
and then scan the file with your anti-virus. Verify that your “file extension”
view is not hidden. (See Are Your Files Extended? above)
E-mail Preview
Disable your e-mail’s ‘preview’ feature so you don’t automatically open
messages when you get new e-mail. Certain malware takes advantage of
this open message feature in Outlook and Outlook Express. With preview
off, you can decide to open a message or not, and delete those unknown
senders before opening.
E-mail HTML View
There is also a vulnerability associated with the pretty HTML look of e-mail.
Can you live without the HTML look? If so, read plain text only. It is another
layer of security and it will protect you from certain hackers. As a practical
example, in Outlook Express, ver 6 you would choose Tools | Options |
Read, then choose “Read all messages in plain text.” (You can see HTML if
desired when viewing the email, press Alt + Shift + H. When refreshing, the
view will revert back to plain text.)
Windows Welcome Logon
The Welcome screen is sometimes considered a security issue because it
shows half of your logon credentials: your logon name. If this is not an issue
for you, disregard this section. However, if you want a simple logon box that
shows only two text boxes to input your username and password at each
logon, then you must run nusrmgr.cpl and then click “Change the way users
log on or off.” In the window to the right, uncheck “Use the Welcome Screen.”
The next time you logon, you should see
the Windows Security dialog window (instead of Task Manager) whenever
you press alt + ctrl + del.
At logon the password box is initially blank. In order to make the username
box blank also, you need to edit the Registry. If you feel confident and need
to do this, click Start | Run and then type in regedit. ( You must be an
administrator to launch Regedit.)
HKEY_Local_Machine | Software | Microsoft | Windows | Policies | System
Then in the right pane, click DontDisplayLastUserName and replace the
zero with one. (1 meaning yes, do not display the last user name.)
P.S. Microsoft always warns all users that editing the Registry is at your own risk. This is
to prevent liability for system malfunction and also to caution inexperienced users.
Creating a Safe User Account with Local User Manager
(lusrmgr.msc)
Goal: To deny any potential hacker administrative rights to your system by
creating an alternate user account.
In Chapter One we learned of the pitfalls of working online with
Administrative rights. So our first priority is to create a new non-Admin user
account for your online activity. You may find that this will serve as your
primary user account. After all, if there is an occasional program that
requires Administrator privileges, you can right-click and choose Run As…
and then select your Admin name and password for running the program.
Your new user account will keep you out of hot water even if a hacker does
succeed in accessing your hard drive.
Here is Microsoft’s page on the need for a non-admin account, but not much guidance is given:
http://www.microsoft.com/nz/athome/security/online/logoff_admin_account.mspx
Unfortunately, Microsoft does not give you the whole picture on setting up your limited
user account. Here it is…
1. You must manually create a new user account (no big deal).
2. You must move or copy all your data files from your existing Admin account to
your new account (just follow directions here)
3. You must configure your email settings from scratch (guidance is provided below
for Outlook Express and Outlook)
4. When using your new account you’ll be unable to install or run certain programs
in the normal manner, but you can right-click on the file and select Run As to enter
your admin password to solve this. You do not need to reinstall programs.
5. If you have encrypted any files or folders, unencrypt them before moving/copying them.
Typical Built-in Users
Typical Built-in Groups
P.S. Your system may also come with one other administrative account named Owner.
If you have a factory installation of Windows XP with an Owner account,
and are now using that account, whether named Owner or renamed, then
you can easily remove Owner from the Administrators Group and thereby
gain the benefits of a limited user account. On the other hand, if you have
been using the built-in Administrator account, there is no way to remove it
from the Administrators Group so you will need to create a new user (or use
an existing one).
Below are directions for creating your new user account. But at this point,
you should consider backing up your data. There are three good reasons for
doing this first with an external USB drive. The benefits are #1. It provides a
current backup, #2. It serves as your source to get your data copied to your
new account #3. All data will be accessible! (If any of your files are
encrypted or have NTFS permissions, they would be inaccessible in a new
profile—Access Denied. However, the data will be free of these restrictions
once it has been retrieved from your external USB drive, assuming that
drive is FAT32.) So this is a good way to transfer your data. If you don’t use
an external drive to transfer your data, then follow the directions below
under Before Using Your New Account.
What to Backup?
• File/folders on your Desktop
• Data files in your My Documents folder
• Any other folders where your data is stored
- My Pictures, My Videos, My eBooks, etc.
• Favorites folder
• Email stores*
- Outlook’s .pst file, or the Outlook Express Identities folder
* More on this under Configuring Your Email Account below.
How to Create a New User Account
1. Click Start, select Run
2. Type in lusrmgr.msc. Click OK. If you are indeed a member of the
Administrators group you will receive the dialog box below.
In case you are not a member of the Administrators Group, you will get the error
below. If so, logon as an Administrator to accomplish this task of opening the
local user manager.
Are you actually an administrator? Find out by right
clicking on the Windows Start button. Only
administrators will see the Open and Explore All
Users as below.
3. You will create a new user account for yourself that is a member of the
built-in Users group and no other group. In Local Users and Groups, #1- click
the Users folder on your left, #2- click the Action menu, #3- click New
User…
Creating a New User which is not an administrator
4. Complete the New User dialog. A User name and password are all you
need. Uncheck the “user must change password” box, and then click Create.
You should now see your new account listed in the right pane of Local Users
and Groups.
5. Now double-click your new account name
on the right, then click on the Member Of tab to verify you are a member of
the Users group only. One exception: you may want to click the Add button
on the lower left (then Advanced, then Find Now) to add yourself to the
Network Configuration Operations group to allow yourself to control your
network connections.
TIP: At this point you may want to create an alternate Administrator account. There are
three good reasons to do this. #1. It is rare, but the Administrators account can become
“locked out.” (I have seen this happen when account policies are set for lockout.) #2. the
admin account, like any other, can become corrupted. #3. You may forget the admin
password. Worst case, this could require reinstalling the operating system. With a
second admin account you are saved the pain of any of these possibilities.
Create a new user account as you did above, then in the Member Of tab, add the user
to the Administrators group. Store the password in a safe place.
P.S. All Administrator passwords should be at least 8 characters and should
include letters, numbers and at least one special character, such as @ # $ % ^ & * ( > .
6. After you create one (or both) of the accounts discussed above, make a
note of your new user name(s) and password(s), then log off.
7. Now logon to your new non-admin account with your new user name and
password. (This first logon will create a new folder automatically for you
under the system’s Documents and Settings directory. The folder name is
the same as your user name.)
Review
You have created a new user account with basic User Group privileges
only. (At your option, you have created an alternate Administrator account
also.) Whenever you access the Internet, you should logon with your new
non-admin account.
Before Using Your New Account
Complete these two basic steps: #1. Set permissions on your Admin profile
folder for your new account to have permission to access to your existing
data. #2. Move or copy all your existing files to your new account.
STEP ONE. Set Permissions
a. Logon to your admin account.
b. Right-click on Start, then choose Explore.
c. Navigate in the left pane to the Documents and Settings folder and
open it. On the right, find the folder named for your current logged on
user name. This is the original Admin account you are now using.
d. After right-clicking, choose Properties, click the Security tab, click Add.
e. Click Advanced, then click Find Now
f. In the user list, click the entry with the user name of your new account,
then click OK.
g. Click OK, then in the Permissions list, check the “Allow” box adjacent
to Full Control. (All checkboxes should now be checked.) Click OK. (If
already checked, go to the next step.)
h. If you want to verify that you have Full Control including the Take
Ownership right, click Advanced, then click the User Name of the new
user account, then click Edit. Scroll down in the Permissions box and
verify all boxes are checked.
STEP TWO. Copy your data to your new account folder.
a. Log on to your new account.
b. Right-click on Start, choose Explore, then navigate to Documents and
Settings
c. In a nutshell, you will navigate to your
admin account folder, locate your data folders and files, and then paste
them into your new account folder or subfolders. Start by copying data in
your My Documents folder, then pasting it to your new My Documents
folder. Then do the same for your Desktop files and any other locations
where you store data. It will be best to transfer a few folders at a time.
Don’t forget to copy any other data folders on your hard drive, your MS
Outlook .pst file (or Outlook Express “Identities” folder) and your My folders
(My Pictures, My Favorites, My Videos, etc.)
Some Programs Won’t Launch
Once you begin using your new user account, you will find that you can’t run
the security tools discussed above, or certain other software. Here are
some solutions:
1. Point to the security tool you are unable to run, right-click on the tool’s
icon and choose “Run As.” You will be prompted to enter your admin
account name and password and then the program should run
normally, or
2. Logoff from your new user account and logon to your administrator
account to install software that requires admin privilege to install.
3. The Ultimate Solution. Make a master control panel with 45 tools for
your non-admin desktop! Open any tool by right-clicking and choosing
Run As…to enter your admin name & password. All tools will be in
one folder…this will combine your Administrative Tools folder and
your Control Panel.
a. Create a new folder on your desktop. Name it Admin-Tools.
b. Click Start | Search and select All Files and Folders
c. Type in *.msc, *.cpl, mmc.exe, systeminfo.exe, msconfig.exe
then click Search
d. When complete, expand the search results window to full size
e. Click View | Arrange Icons by | Type
f. Click the In Folder heading twice so that you can see all tools
belonging to the c:\windows\system32 folder at the top – approx
43 files should be listed in System32.
g. Click once on the very top icon listed in the System32 category,
then press & hold the Shift key. Scroll down to the last tool
under system32, including the one below it (msconfig.exe), and
click msconfig.exe to highlight the entire list of tools. Right-click
on the highlighted list and choose Copy.
h. Right-click on your new Admin-Tools folder on your desktop,
then choose Paste.
i. You now have a master admin tools folder that you can run from
your non-admin account by using the Run As feature.
lusrmgr.msc, eventvwr.msc, fsmgmt.msc, compmgmt.msc, secpol.msc, gpedit.msc, diskmgmt.msc,
regedit.exe, regedt32.exe, nusrmgr.cpl, msconfig.exe, msinfo32.exe, systeminfo, mmc.exe, access.cpl,
appwiz.cpl, desk.cpl, firewall.cpl, hdwwiz.cpl, inetcpl.cpl, intl.cpl, irprops.cpl, joy.cpl, jpicpl32.cpl,
main.cpl, mmsys.cpl, ncpa.cpl, netsetup.cpl, nvtuicpl.cpl, nwc.cpl, odbccp32.cpl, powercfg.cpl,
prefscpl.cpl, sysdm.cpl, telephon.cpl, timedate.cpl, wscui.cpl, wuaucpl.cpl
PS. Msconfig.exe will run under Administrative accounts only.
Systeminfo runs in the command window only (Run | cmd). However, you can create a
simple batch file to run systeminfo from your desktop if you like—
1. Right-click on the desktop, choose New | Text Document
2. Type in: systeminfo.exe, hit Enter and type pause
3. Save the file as systeminfo.cmd
Configuring Your Email Accounts
If you did create a new non-admin user account and plan to use it as
your primary account, this section will briefly explain how to setup your new
email account. Of course, every new account will have access to all
installed programs, including Outlook and Outlook Express. However, you
need to enter all the settings (smtp and pop server etc.) and copy your
existing mail folder to the correct store location in your new profile. The
example below is for Microsoft Outlook Express 6.
The first step is to backup your mail store folder. Open Outlook Express
and point to the Tools menu. Follow this path…
Tools | Options | Maintenance and then click Store Folder.
You will see a long path, for example:
C:\Documents and Settings\Joey\Local Settings\Application Data\Identities\{543ADD3D-5ABC-4543-8ABC-8f7AA70C1234}\
The folder after Identities (with the alpha-numeric string) is your mail store
folder. Be sure to backup this folder and copy it to your new profile under
the same path under Application Data\Identities.
MS Outlook: Backup your .pst folder
Open MS Outlook and select the folder view on the left. Right-click on the
Personal Folders folder, select Properties, then click Advanced. You should
see your .pst in the path next to Filename. Navigate to the folder containing
the .pst file and copy your .pst file to external media (USB disk drive, etc.)
P.S. This file is usually hidden by the operating system and so a search for
.pst will not find the file.
Default .pst location is: Documents and Settings\Local Settings\Application
Data\Microsoft\Outlook folder
Note: The default location is a hidden folder. To view these types of folders use Windows Explorer,
click the Tools menu, click Folder Options. On the View tab, under Advanced Settings, under Files
and Folders, under Hidden files and folders, click Show hidden files and folders. If you want to see
all file name extensions, clear the Hide extensions for known file types check box under Files and
Folders. Hidden folders appear dim, indicating atypical folders.
See Microsoft for more information on this.
The second step is to logon to your original user account where you get
your email to copy your settings. In this example you would open Microsoft
Outlook Express 6, then go to the Tools menu | Accounts | Mail |
Properties. Get a pen and write down the exact settings under all tabs.
Especially important are the General tab and the Servers tab, e.g., the
POP3 Server name, SMTP Server name, etc. Later, when you logon to your
new account, launch your email program and enter the settings exactly as
they were in your former account. For example, launch Outlook Express 6,
go to Tools | Accounts | Mail tab | Properties. Configure the settings to
match your original mail account.
Chapter 3: Options
Auditing Windows XP – Who goes there?
If you allow others to use your XP computer, you can setup auditing to
record logs of who logs on (or attempts to logon) and when. Here’s
how…
1. You must be logged in as an administrator. Click Start | Run then type
in secpol.msc.
2. In the resulting Local Security Settings window, double-click Local
Policies, then double-click Audit Policy.
3. In the right pane, double-click Account Logon Events and check
“Failure.” Do the same for Logon Events. Also check Success if you
need a complete log of all logons.
4. To view your logs, Run eventvwr.exe. Click Security in the left
pane. To increase your log size, you may want to right-click on
Security and select Properties. For example, increase the log size
from 512 to at least 9984.
Auditing Files and Folders
At your option, you can audit files to see who is accessing them or
attempting to access. You view the log in the same way as step 4 above.
While you may have a need to do this, there are two drawbacks. #1. Your
computer may slow down slightly depending on the amount of “object”
auditing being done. #2. Your logs will grow and take disk space, depending
on the log size you set.
There are two steps in auditing files & folders. You must logon as an
administrator to set auditing. First, you must turn on auditing by:
1. Run secpol.msc via the same steps in the previous section.
2. In the Audit Policy window: Select Audit Object Access.
Check “Failure.” You may also check “Success,” however this will
generate a large log and may slow your performance. You can judge for
yourself how your system responds to your decision to audit files.
Second step is to select the files you want to mark for auditing. In Windows
Explorer, or any method you choose:
1. Navigate to a file you want to monitor via auditing.
2. Right-click the file or folder, then choose Properties.
3. Select the Security tab, then click Advanced. (If there is no security tab see
the section above Are You Running the NTFS File System, second paragraph).
4. In the Advanced security box, click the Auditing tab at top. (There will be
no auditing tab if you are not logged on as an administrator.)
5. Click Add…
6. Select the user you want to monitor for this file. If you click Find Now
you will see a list of objects to choose from. Selecting Everyone will
audit all user/objects attempting to open this file (resource intensive).
7. View your audit log (also known as the security log) via Step 4 in the
previous section.
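The logon and object-access audits above only pay off if someone actually reads the Security log. The script below is an added example, not code from the guide; it reads a constructed, simplified CSV in the shape of an Event Viewer “Save As” export (the column layout, the account names, the computer name and the times are all assumptions; a real export puts the target account of a 529 in the event description rather than the User column, so adjust the column mapping to match your export) and applies the checks a reviewer would otherwise do by hand: failed logons per account, accounts that reach a failure threshold, a run of failures that ends in a successful logon, and failed object opens.

```python
"""Summarise logon and object-access audit events from a Security-log export.

Added example, not part of the original guide. The input is a constructed,
simplified CSV in the shape of an Event Viewer "Save As" export; its column
layout, account names and times are assumptions for illustration. Pre-Vista
Security event IDs used here: 528 = successful logon, 529 = logon failure
(unknown user name or bad password), 560 = object open.
"""
import csv
import io
from collections import Counter

# Constructed sample export (not a real log):
# Type,Date,Time,Source,Category,Event,User,Computer
SAMPLE_LOG = """\
Type,Date,Time,Source,Category,Event,User,Computer
Failure Audit,3/12/2008,08:01:12,Security,Logon/Logoff,529,JOEY,XP-BOX
Failure Audit,3/12/2008,08:01:20,Security,Logon/Logoff,529,JOEY,XP-BOX
Failure Audit,3/12/2008,08:01:27,Security,Logon/Logoff,529,JOEY,XP-BOX
Failure Audit,3/12/2008,08:01:35,Security,Logon/Logoff,529,JOEY,XP-BOX
Failure Audit,3/12/2008,08:01:41,Security,Logon/Logoff,529,JOEY,XP-BOX
Success Audit,3/12/2008,08:02:03,Security,Logon/Logoff,528,JOEY,XP-BOX
Failure Audit,3/12/2008,09:15:44,Security,Logon/Logoff,529,Administrator,XP-BOX
Failure Audit,3/12/2008,09:30:02,Security,Object Access,560,Guest,XP-BOX
Success Audit,3/12/2008,09:31:10,Security,Object Access,560,JOEY,XP-BOX
"""

FAILED_LOGON = "529"
SUCCESS_LOGON = "528"
OBJECT_OPEN = "560"


def parse_events(text):
    """Parse the CSV export into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def failed_logons_by_user(events):
    """Count event 529 per account name."""
    counts = Counter(e["User"] for e in events if e["Event"] == FAILED_LOGON)
    return dict(counts)


def suspicious_accounts(events, threshold=5):
    """Accounts with at least `threshold` failed logons. The threshold is an
    assumed value; set it to match your account-lockout policy."""
    return sorted(user for user, n in failed_logons_by_user(events).items()
                  if n >= threshold)


def failures_followed_by_success(events, min_failures=3):
    """Accounts whose run of consecutive failures ended in a successful logon.
    A guessed password is one explanation, so these deserve a second look."""
    streak = {}
    flagged = set()
    for e in events:  # export order is chronological
        user = e["User"]
        if e["Event"] == FAILED_LOGON:
            streak[user] = streak.get(user, 0) + 1
        elif e["Event"] == SUCCESS_LOGON:
            if streak.get(user, 0) >= min_failures:
                flagged.add(user)
            streak[user] = 0
    return sorted(flagged)


def object_access_failures(events):
    """(time, user) for every failed object open recorded by object auditing."""
    return [(e["Time"], e["User"]) for e in events
            if e["Event"] == OBJECT_OPEN and e["Type"] == "Failure Audit"]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("failed logons per account:", failed_logons_by_user(evs))
    print("accounts over threshold:", suspicious_accounts(evs))
    print("failures then success:", failures_followed_by_success(evs))
    print("failed object opens:", object_access_failures(evs))
```

Run it against a CSV saved from the Event Viewer’s Security log (File | Save Log File As, CSV) after fixing the column mapping; the 560 check is only meaningful once Audit Object Access and per-file auditing from the steps above are switched on.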
Group Policy Templates
We are now getting into a security feature used by all those who guard
secret information and require a complete and uniform structure to their
security settings. This is accomplished with a master security database of
settings that define permissions and rights to all files.
The benefit of using a security template is that all
settings are retained in a single file and can be copied
to CDROM and applied to other computers, or used to
reapply a thorough security policy to a reformatted computer in just
seconds.
(P.S. If you were to copy a template to a CD to be used on other standalone computers, the policy must
use only built-in groups to assign permissions and rights. All newly created users have unique ID numbers
that will not be recognized on other systems.)
It is important to know up front that Microsoft has included several predefined templates for your use (more on these later), which can be edited
and saved. When you create a security template many settings will be
applied to your computer. For example, a password policy may be set to
force a change of password in X days, or a setting may stop, or allow, a
user from changing the system time. You will have an opportunity to view all
the settings (and edit them) before applying any security template to your
computer! Ideally, you should apply template settings to a test computer
first, however any group policy can be “disabled” with a few clicks. (see the
above section Concept: Group Policy Controls Users and Computer). It may
be that you never utilize these templates, but by just following the steps
below you will begin to see a world of possibilities in what can be controlled
via Group Policy and Security Templates. This includes gpedit.msc and
secpol.msc.
XP includes two tools that allow you to create & apply a security
database—the Security Templates snapin and the Security Configuration
and Analysis snapin.
Security Configuration & Analysis – This snapin is the real engine that gets things
done. It allows you to import your security “template” into a database, then compare
current policy (or lack of policy) with the imported template file. (The comparison is
shown using a database file with extension .sdb.) This tool also allows the important
option to Configure Computer Now to apply the policy contained in the Security
Template file (extension is .inf). Configuring this way can automatically set dozens of
settings in seconds.
Security Templates -- a viewer and editor for
modifying local group policy. You can take a predefined template and modify it. It saves data to a file
named with extension .inf. The gpedit.msc tool has
similar functionality, but will not take the place of
this snap-in for template creation.
Further Reading
Windows XP Security Guide
Securing Standalone Windows XP Clients
http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/xpsgch05.mspx
So much for theory—here is how to start your own custom security
template.
First, create your two snap-ins. You do this with the Microsoft Management
Console (MMC).
1. You must be logged in as an Administrator, Click Start | Run
2. Type in mmc, click OK
3. Click File | Add/Remove Snapin…
4. Click Add…
5. Click Security Configuration & Analysis in the Add Standalone
Snap-in box, then click Add
6. Click Security Template in the Add Standalone Snap-in box, then
click Add
7. Click Close in the Add Standalone Snap-in box
8. Click OK on the Add/Remove Snap-in box
9. Save your new Console—by default it will save as Console1.msc and
be stored in the Administrative Tools folder (Start | Programs | Administrative Tools).
You can change either of these if you wish, except do not change the
.msc extension.
Next, use your new tool to create and manage your template!
This is the easy part because Microsoft has included 7 security templates in
Windows XP. Two of these may be appropriate for your needs, securews.inf
(‘secure workstation’) and hisecws.inf (‘highly secure workstation’). Both
are located in C:\WINDOWS\security\templates.
Here’s how it works…
• Select a pre-defined template
• Modify it, if necessary
• Save as and rename
• Import it as a new database
• Open your database, Analyze or Configure Computer Now!
You have already created your MMC with two snap-ins.
1. Open your new Console1.msc, then right-click on the Security
Configuration & Analysis (SC&A) icon, select Open Database
2. Make up a name. Type it in the Filename textbox, then click Open
3. In the Import Template box choose securews.inf , then click Open
You have just imported a pre-defined security template into your snap-in and applied a custom
name for it. Now you can use it to analyze your computer.
4. Right-click again on the SC&A icon, select Open Database. Highlight
your new database, click Open.
5. Again right-click the SC&A icon, choose Analyze Computer Now…
6. Click OK to the log file location…then wait for the analysis
7. Next review the results by starting with Account Policies. Drill down in
the left pane until you see the settings on the right pane showing two
columns—your new proposed settings are to the left, the current
settings are to the right. You can double click any setting to edit it.
8. You can use the File menu to choose to Save or Save As…. But if
you close the MMC without saving, you will be prompted to save it,
and if you’ve also made changes you will be prompted to save your
database.
Review
You reviewed the process of creating a new Security Template, naming
it, saving it, and editing it for your needs. You ran the Analyze Computer
Now utility and reviewed current settings with proposed settings. You
may decide to apply your new policy by choosing Configure Computer
Now.
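Here is the Analyze step of the procedure above written out in code, an added example that is neither the snap-in’s code nor anything from the guide. It parses two constructed .inf fragments in the layout secedit templates use (PROPOSED_INF mirrors the shape of a secure-workstation template; CURRENT_INF is an invented snapshot of a machine still on default settings) and lists every setting whose current value differs from the proposed one, which is the proposed-versus-current pairing the snap-in shows in its two columns. The [Registry Values] line also shows how the DontDisplayLastUserName setting from the Windows Welcome Logon section is carried inside a template: the full key is under ...\Windows\CurrentVersion\Policies\System, and 4 is the template code for REG_DWORD.

```python
"""Proposed-versus-current comparison of security template settings.

Added example; not the snap-in's code and not from the guide. Both .inf
fragments are constructed: PROPOSED_INF mirrors the layout of a secure-
workstation template, CURRENT_INF is an invented snapshot of a machine still
on defaults. [Event Audit] codes: 0 = none, 1 = success, 2 = failure,
3 = both. [Registry Values] entries are written type,data with 4 = REG_DWORD.
"""

PROPOSED_INF = r"""
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
MaximumPasswordAge = 90
LockoutBadCount = 5
EnableGuestAccount = 0
[Event Audit]
AuditLogonEvents = 3
AuditAccountLogon = 3
AuditObjectAccess = 2
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1
"""

CURRENT_INF = r"""
; constructed "current settings" snapshot, not read from a real machine
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
MaximumPasswordAge = 90
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 0
AuditAccountLogon = 0
AuditObjectAccess = 0
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0
"""

ANALYSED_SECTIONS = ("System Access", "Event Audit", "Registry Values")
NOT_DEFINED = "Not Defined"


def parse_template(text):
    """Return {section: {key: value}}; blank lines and ';' comments are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # tolerate stray text rather than abort the whole analysis
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections


def analyze(proposed_text, current_text):
    """(section, setting, proposed, current) for each setting that would change.

    A setting the current snapshot does not carry is reported as Not Defined,
    the label the snap-in uses for the same situation.
    """
    proposed = parse_template(proposed_text)
    current = parse_template(current_text)
    diffs = []
    for section in ANALYSED_SECTIONS:
        for key, want in proposed.get(section, {}).items():
            have = current.get(section, {}).get(key, NOT_DEFINED)
            if have != want:
                diffs.append((section, key, want, have))
    return diffs


if __name__ == "__main__":
    for section, key, want, have in analyze(PROPOSED_INF, CURRENT_INF):
        print(f"{section:16} {key:75} proposed={want:<5} current={have}")
```

On a real XP machine the same comparison is what Microsoft’s secedit command performs from the command line: secedit /analyze /db mine.sdb /cfg securews.inf writes the proposed-versus-current result into the database, and secedit /configure with the same /db and /cfg arguments applies the template, which is the command-line twin of Configure Computer Now.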
Disaster Recovery Options
We spoke briefly about the hypothetical “Worst Case Scenario” in Chapter 1.
We emphasized backing up your data and outlined the steps to take in
reformatting your disk if you believe you have no other options. Thankfully
XP and other software provide several options, and they are used
depending on the type of problem and its severity. In a nutshell they are:
1. Reboot the PC and press F8, Choose “Last Known Good…”.
2. Reboot, press F8, Choose Safe Mode, troubleshoot
3. Run virus scan of entire hard drive, clean any infected files
4. Run the Malicious Software Removal Tool if needed
http://www.microsoft.com/security/malwareremove/default.mspx
5. Run System Restore to return to an earlier configuration
Click Start | Help and Support | Performance and Maintenance | Using
System Restore to undo changes, | Run the System Restore Wizard.
6. Run System Recovery with the Save data first option
7. Run System Recovery with the “destructive” mode to reformat the disk
If unsuccessful with the above and if you have a vendor “Recovery
CDROM” you may be able to use it by inserting it and pressing the key
on screen to boot from the CD. You should get an option to “backup” all
existing data, then format a portion of your hard drive to reinstall a fresh
copy of Windows XP.
Malicious Software Removal Tool
Windows Malicious Software Removal Tool - Download Page:
http://www.microsoft.com/security/malwareremove/default.mspx
The Windows Malicious Software Removal Tool is freely-distributed
software developed by Microsoft for their Windows operating system. The
software was originally released by Microsoft in January 2005. It is updated
on the second Tuesday of every month via Windows Update, at which point
it is run automatically in the background and reports if malicious software is
found. To run it manually at other times, one can download the tool from
Microsoft and start "mrt.exe" from the command interface, by going to the
system32 folder, or by using the Run command in the Start Menu.
Removing Temporary Files
Copy & paste the following into your search utility (Start | Search | File & folders)
*.tmp,*.chk,~*.*
If you desire, it is safe to delete all search results. If no files were found,
open My Computer and click on the Tools menu and choose Folder
Options, then click on the View tab and scroll thru that list to be sure "Show
hidden files and folders" IS checked and "Hide protected operating system
files" is NOT checked. Try searching again.
Deleting a File that Won’t Delete
Three conditions need to be met. Check the file’s Properties (Right-click | Properties):
1. Logon as administrator and navigate to the file.
2. Click Security tab, select System user. Next to Full Control click Deny, Click OK.
3. Still in Security, ensure Administrators have Full Control
4. Click Advanced, then ensure Administrator is Owner.
5. Logoff and logon again as Admin. Delete the file.
10 Free Security Tools
You probably know best which of these you need. Research them and decide for
yourself. They are free at the following sites:
http://www.winpatrol.com/download.html
WINPATROL
Acts like a watchdog to monitor Windows computers for hacker activity. Also used
to monitor and control Windows services, detect and review new auto-startup
programs and monitor IE home and search pages
http://noscript.net/
NOSCRIPT
Works on Firefox, Flock, Seamonkey and other Mozilla-based browsers. This free
add-on allows JavaScript, Java, Flash and other plugins to be executed only by
trusted web sites, providing powerful anti-XSS protection directly in the browser.
http://www.ccleaner.com/
CC CLEANER
Lightweight utility to remove unused and temp files, URL history, and cookies from
the three main Web browsers (IE, Firefox and Opera). Features a registry cleaner.
http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp?lid=nav_za
ZONEALARM
Easy-to-use firewall systematically identifies hackers and blocks access attempts.
http://free.grisoft.com/doc/39798/us/frt/0
ROOTKIT DETECTION
Detects and removes hidden rootkits used by hackers to hide malicious software
from security programs.
http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted
TREND SECURE
Trend Micro RUBotted - Beta program intelligently monitors Windows machines for remote
botnet C&C (command and control) commands. These can include commands to turn the
zombie machine into a spam relay; launch denial-of-service attacks; or host malicious Web
sites for phishing attacks.
http://www.hautesecure.com
Haute Secure
Free browser plugin (Internet Explorer and Firefox) covers the growing data security
hole between your firewall and anti-virus programs. It provides an aggressive, color-coded early warning system for drive-by malware attacks.
http://www.opendns.com
OPEN DNS
Open DNS - No software to install. Just change your DNS settings to use OpenDNS
servers (208.67.222.222 and 208.67.220.220) to get valuable security features—
content filtering, adult site blocking, phishing and malware blocking, and protection
against DNS rebinding attacks.
https://psi.secunia.com/
Secunia Personal Software Inspector
The Secunia PSI examines .exe, .dll, and .ocx files on your computer and matches
the data against a file signatures engine to determine whether you are running
unpatched software programs. It then provides help in patching the vulnerabilities
that are identified.
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-Free-dition.html
BITDEFENDER
Provides on-demand scan engines to find and remove viruses. Features include
scheduled scanning, immediate scanning, ability to quarantine suspicious files and
reporting capabilities.
Best Practices
• Practice safe online communication. Don’t share your main e-mail
address with those you don’t know. Don’t place your e-mail address in
the big Internet directories and job-hunting sites. Don't open
attachments in e-mail or instant messages unless you know who
they're from.
• Use trusted software from reputable companies. There’s lots of
software online that offers fun or valuable tools for little or no money.
Don’t find out the hard way that the true cost is sometimes malicious
code hidden in that software program. Check carefully before running
or downloading software that doesn't come from legitimate and
trustworthy sources.
• Use a firewall. A firewall is a software program or piece of hardware
that can help screen out RATs or other malicious software.
• Keep your antivirus definitions up-to-date, no more than 30 days
old.
• Use a router that performs NAT; most any newer Linksys model will
do.
• Keep your security patches up to date. Visit Microsoft Update to
help make sure you've got the latest updates for your computer.
• Have a healthy sense of paranoia.
• Use longer passwords: at least 8 characters with numbers and
letters, no dictionary words.
• Use admin privilege very sparingly.
• Don't trust Internet Explorer Protected Mode to stop all attacks.
• Don't think DEP or other simple settings can stop all attacks.
• Don't believe any technology can stop all attacks.
• If you're not using your computer, turn it off. If you're not using the
Internet, turn off your router or unplug your CAT 5 cable.
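The password rule in the list above (at least 8 characters, letters and numbers, no dictionary words) is easy to state and easy to get wrong in practice, because "P4ssw0rd" satisfies the first two parts while still being a dictionary word with a few characters swapped. The Python checker below is an added example written for this guide, not a Microsoft or Windows XP facility; the six-word WORDLIST and the leetspeak substitution table are constructed stand-ins for a real dictionary file and for the substitutions password-cracking tools try first.

```python
"""Check a password against the guide's rule: 8+ characters, letters and
digits, and no dictionary word hidden inside it (even with 4/3/1/0 swaps)."""
import re

# Constructed tiny word list standing in for a real dictionary file.
WORDLIST = {"password", "letmein", "welcome", "summer", "dragon", "monkey"}

# Common look-alike substitutions, undone before the dictionary check.
LEET = str.maketrans("43105$@!", "aeiossai")


def contains_dictionary_word(password, wordlist=WORDLIST, min_len=4):
    """Return the first dictionary word of length >= min_len found inside the
    password (plain or after undoing leetspeak), or None."""
    lowered = password.lower()
    for candidate in (lowered, lowered.translate(LEET)):
        for word in wordlist:
            if len(word) >= min_len and word in candidate:
                return word
    return None


def check_password(password, wordlist=WORDLIST):
    """Return a list of rule violations; an empty list means the password
    meets the guide's stated minimum."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no digits")
    word = contains_dictionary_word(password, wordlist)
    if word:
        problems.append("contains dictionary word %r" % word)
    return problems


if __name__ == "__main__":
    for pw in ("P4ssw0rd!", "abc123", "Summer2008", "xk9q2vhm7t"):
        print("%-12s %s" % (pw, check_password(pw) or "OK"))
```

The checker enforces a floor, not a ceiling: a password that passes is merely not obviously bad, and a longer passphrase of unrelated words with digits mixed in is still far stronger than a ten-character random string you will end up writing on a sticky note.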